Wimad-E-virus????

jonofisher · #1 21 Sep 2008, 16:43

HI Evil Fantasy - Jag har ett liknande problem för andra användare här. Jag har laddat ner och kör combofix, vars utsignal ger nedan. Jag skulle uppskatta all hjälp du kan ge. Jag vet filen att trojanen kom - Jag har försökt att ta bort det men windows kommer inte låta mig - säger att det är i bruk. Alla tankar skulle vara mycket välkommet.

Tack

ComboFix 08-09-20.05 - Administratör 2008-09-22 0:29:51.1 -- FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254 [GMT 1:00]
Running from: C: \ Documents and Settings \ Administratör \ Desktop \ ComboFix.exe
* Skapat en ny återställningspunkt
VARNING-Den här maskinen har inte Återställningskonsolen INSTALLERADE!
.
((((((((((((((((((((((((((((((((((((((( Andra Strykningar ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ Documents and Settings \ Administratör \ Cookies \ administratör @ 2o7 [1]. Txt
C: \ Documents and Settings \ Administratör \ Cookies \ administrator@ad.yi eldmanager [1]. Txt
C: \ Documents and Settings \ Administratör \ Cookies \ administratör @ adver tising [2]. Txt
C: \ Documents and Settings \ Administratör \ Cookies \ administrator@ehg-baa.hitbox [2]. Txt
C: \ Documents and Settings \ Administratör \ Cookies \ administrator@ehg-discoverynetwork.hitbox [2]. Txt
C: \ Documents and Settings \ Administratör \ Cookies \ administrator@ehg-mastercard.hitbox [2]. Txt
C: \ Documents and Settings \ Administratör \ Cookies \ administrator@ehg-tfl.hitbox [2]. Txt
C: \ Documents and Settings \ Administratör \ Cookies \ administratör @ foxto ns.co [2]. Txt
C: \ Documents and Settings \ Administratör \ Cookies \ administratör @ träffar. gureport.co [1]. txt
C: \ Documents and Settings \ Administratör \ Cookies \ administratör @ nyheter. uk.msn [2]. txt
C: \ Documents and Settings \ Administratör \ Cookies \ administratör @ revsc i [2]. Txt
C: \ Documents and Settings \ Administratör \ Cookies \ administratör @ RTM [6]. Txt
C: \ Documents and Settings \ Administratör \ Cookies \ administratör @ Servi ng-sys [2]. Txt
C: \ Documents and Settings \ Administratör \ Cookies \ administratör @ speci ficclick [1]. Txt
C: \ Documents and Settings \ Administratör \ Cookies \ administratör @ statc ounter [1]. Txt
C: \ Documents and Settings \ Administratör \ Cookies \ administrator@ths.n ews.com [2]. Txt
C: \ Documents and Settings \ Administratör \ Cookies \ administratör @ handel Dubbleraren [1]. Txt
C: \ Documents and Settings \ Administratör \ Cookies \ administratör @ tsw0 [1]. Txt
C: \ Documents and Settings \ Administratör \ Cookies \ administrator@ww0.t imeout [1]. Txt
C: \ Documents and Settings \ Administratör \ Cookies \ administrator@www.r eed.co [2]. Txt
C: \ WINDOWS \ system32 \ lsprst7.dll
.
((((((((((((((((((((((((( Files Created från 2008-08-21 till 2008-09-21 ))))))))))) ))))))))))))))))))))
.
2008-09-22 00:28. 2008-09-16 01:03 <DIR> d -------- C: \ 32788R22FWJFW
2008-09-22 00:00. 2008-09-22 00:00 <DIR> d -------- C: \ Program Files \ utrota It!
2008-09-14 21:22. 2008-04-14 01:12 221.184 - en ------ C: \ WINDOWS \ system32 \ wmpns.dll
2008-09-14 20:54. 2008-09-14 20:54 <DIR> d -------- C: \ WINDOWS \ system32 \ scripting
2008-09-14 20:54. 2008-09-14 20:54 <DIR> d -------- C: \ WINDOWS \ system32 \ sv
2008-09-14 20:54. 2008-09-14 20:54 <DIR> d -------- C: \ WINDOWS \ l2schemas
2008-09-14 20:27. 2008-04-13 18:28 2,940,928 --------- C: \ WINDOWS \ system32 \ dllcache \ wmploc.dll
2008-09-14 20:26. 2008-04-14 01:10 844,314 --------- C: \ WINDOWS \ system32 \ dllcache \ msdxm.ocx
2008-09-13 18:04. 2008-09-13 18:04 <DIR> d -------- C: \ Program \ Java
2008-09-13 18:04. 2008-09-13 18:05 <DIR> d -------- C: \ Documents and Settings \ Administratör \ Application Data \ LimeWire
2008-09-13 18:04. 2008-06-10 02:32 73,728 - a ------ C: \ WINDOWS \ system32 \ javacpl.cpl
2008-09-13 18:03. 2008-09-13 18:03 <DIR> d -------- C: \ Program Files \ Common Files \ Java
2008-09-13 18:00. 2008-09-13 18:00 <DIR> d -------- C: \ Program Files \ LimeWire
2008-09-13 12:43. 2008-09-13 12:43 <DIR> d -------- C: \ Program Files \ iDump
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Program Files \ iTunes
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Program Files \ iPod
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Documents and Settings \ Administratör \ Application Data \ Apple Computer
2008-09-13 12:08. 2008-04-17 13:12 107.368 - a ------ C: \ WINDOWS \ system32 \ GEARAspi.dll
2008-09-13 12:08. 2008-04-17 13:12 15.464 - a ------ C: \ WINDOWS \ system32 \ drivers \ GEARAspiWDM.sys
2008-09-13 12:07. 2008-09-13 12:07 <DIR> d -------- C: \ Program \ QuickTime
2008-09-13 12:07. 2008-09-13 12:07 <DIR> d -------- C: \ Program Files \ Bonjour
2008-09-13 12:07. 2008-09-13 12:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ WINDOWS \ system32 \ DRVSTORE
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Program Files \ Common Files \ Apple
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Program Files \ Apple Software Update
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple
2008-09-06 15:09. 2008-09-06 15:09 90.112 - a ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx
2008-09-06 15:09. 2008-09-06 15:09 57.344 - a ------ C: \ WINDOWS \ system32 \ QuickTime.qts
2008-08-29 10:18. 2008-08-29 10:18 87.336 - a ------ C: \ WINDOWS \ system32 \ dns-sd.exe
2008-08-29 09:53. 2008-08-29 09:53 61.440 - a ------ C: \ WINDOWS \ system32 \ dnssd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 07:37 --------- d ----- w C: \ Documents and Settings \ Administratör \ Application Data \ skypePM
2008-08-03 07:35 --------- d ----- w C: \ Documents and Settings \ Administratör \ Application Data \ Skype
2008-08-03 07:32 --------- d ----- w C: \ Program Files \ Skype
2008-08-03 07:31 --------- d ----- w C: \ Program Files \ Common Files \ Skype
2008-08-03 07:31 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Skype
2008-07-18 21:10 94.920 ---- aw C: \ WINDOWS \ system32 \ dllcache \ cdm.dll
2008-07-18 21:10 94.920 ---- aw C: \ WINDOWS \ system32 \ cdm.dll
2008-07-18 21:10 53.448 ---- aw C: \ WINDOWS \ system32 \ wuauclt.exe
2008-07-18 21:10 53.448 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wuauclt.exe
2008-07-18 21:10 45.768 ---- aw C: \ WINDOWS \ system32 \ wups2.dll
2008-07-18 21:10 36.552 ---- aw C: \ WINDOWS \ system32 \ wups.dll
2008-07-18 21:10 36.552 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wups.dll
2008-07-18 21:09 563.912 ---- aw C: \ WINDOWS \ system32 \ wuapi.dll
2008-07-18 21:09 563.912 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wuapi.dll
2008-07-18 21:09 325.832 ---- aw C: \ WINDOWS \ system32 \ wucltui.dll
2008-07-18 21:09 325.832 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wucltui.dll
2008-07-18 21:09 205.000 ---- aw C: \ WINDOWS \ system32 \ wuweb.dll
2008-07-18 21:09 205.000 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wuweb.dll
2008-07-18 21:09 1.811.656 ---- aw C: \ WINDOWS \ system32 \ wuaueng.dll
2008-07-18 21:09 1.811.656 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wuaueng.dll
2008-07-07 20:26 253.952 ---- aw C: \ WINDOWS \ system32 \ es.dll
2008-07-07 20:26 253.952 ------ w C: \ WINDOWS \ system32 \ dllcache \ es.dll
2008-06-26 08:15 619.520 ------ w C: \ WINDOWS \ system32 \ dllcache \ urlmon.dll
2008-06-26 08:15 1.499.136 ------ w C: \ WINDOWS \ system32 \ dllcache \ shdocvw.dll
2008-06-24 16:43 74.240 ---- aw C: \ WINDOWS \ system32 \ mscms.dll
2008-06-24 16:43 74.240 ------ w C: \ WINDOWS \ system32 \ dllcache \ mscms.dll
2008-06-23 15:09 666.112 ---- aw C: \ WINDOWS \ system32 \ wininet.dll
2008-06-23 15:09 666.112 ------ w C: \ WINDOWS \ system32 \ dllcache \ wininet.dll
2008-06-23 15:09 3,067,392 ------ w C: \ WINDOWS \ system32 \ dllcache \ mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Not * tomma poster & legit default poster visas inte
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360]
"SWG" = "C: \ Program \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2008-04-21 68856]
"MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"AVG7_CC" = "C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2008-06-27 580096]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"bgsmsnd.exe" = "C: \ WINDOWS \ system32 \ bgsmsnd.exe" [2007-11-19 160136]
"QuickTime Task" = "C: \ Program \ QuickTime \ QTTask.exe" [2008-09-06 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched" = "C: \ Program \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"S3TRAY2" = "S3Tray2.exe" [2001-10-11 C: \ WINDOWS \ system32 \ S3Tray2.exe]
"AGRSMMSG" = "AGRSMMSG.exe" [2003-06-27 C: \ WINDOWS \ AGRSMMSG.exe]
"ATIModeChange" = "Ati2mdxx.exe" [2001-09-04 C: \ WINDOWS \ system32 \ Ati2mdxx.exe]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2008-04-19 219136]
[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" =
"C: \ \ Program \ \ Bonjour \ \ mDNSResponder.exe" =
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =
"C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =
R3 Tp4Track, IBM PS / 2 TrackPoint Driver; C: \ WINDOWS \ system32 \ drivers \ tp4track.sys [2003-05-15 13904]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (f1882860-129d-11dd-89b6-000d60cb61ce)]
\ Shell \ AutoRun \ command - E: \ LaunchU3.exe
* Newly Created Service * - PROCEXP90
.
Innehållet i "Schemalagda aktiviteter" mapp
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main, Start Page = hxxp: / / www.google.co.uk/
R0 -: HKCU-Main, Search Page = hxxp: / / www.google.com
R0 -: HKCU-Main, Search Bar = hxxp: / / www.google.com / se
R1 -: HKCU-Internet Settings, ProxyOverride = *. lokala
R1 -: HKCU-SearchURL, (Default) = hxxp: / / www.google.com/search?q =% s
O8 -: E & xportera till Microsoft Excel - C: \ progra ~ 1 \ mikro ~ 2 \ Office11 \ EXCEL.EXE/3000
O16 -: (2DAD3559-2923-4935-AD49-B673D2539944) - hxxp: / / www-307.ibm.com/pc/support/acpir.cab
C: \ WINDOWS \ Downloaded Program Files \ acpir.inf
C: \ WINDOWS \ System32 \ capicom.dll
C: \ WINDOWS \ Downloaded Program Files \ acpir2.dll
O16 -: (483EB14D-AF1C-4951-81B0-4E2B41829FF6) - hxxps: / / www.select2perform.eu/cabs/QOLCheck.ocx
C: \ WINDOWS \ Downloaded Program Files \ QOLCheck.ocx
.
************************************************** ************************
CatchMe 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detector av Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 00:32:33
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning dolda processer ...
scanning dold autostart poster ...
scanning dolda filer ...
scan completed successfully
dolda filer: 0
************************************************** ************************
.
--------------------- DLL-filer Loaded Under Running Processes ---------------------
PROCESS: C: \ WINDOWS \ system32 \ Winlogon.exe
-> C: \ WINDOWS \ system32 \ Ati2evxx.dll
.
Slutförande temne: 2008-09-22 0:33:07
ComboFix-karantän-files.txt 2008-09-21 23:33:06
Pre-Run: 9484075008 bytes gratis
Post-Run: 9686056960 bytes gratis
167 --- EOF --- 2008-09-16 07:01:45

**evilfantasy** · #2 21 Sep 2008, 17:37

Hämta TrendMicro HijackThis.exe (HJT) till skrivbordet.

Dubbelklicka på HJTInstall.
Klicka på Installera knappen.
Det kommer automatiskt plats HJT i C: \ Program \ TrendMicro \ HijackThis \ HijackThis.exe.
Efter installation, HijackThis bör öppna för dig.
Klicka på Har en av datorn och spara en loggfil knappen
HijackThis kommer att skanna och sedan en logg kommer att öppna i Anteckningar.
Kopiera och klistra in hela innehållet i loggfilen i ditt inlägg.
Don't har HijackThis fixa något ännu. Det mesta av vad man anser kommer att vara ofarliga eller till och med nödvändig.

jonofisher · #3 21 Sep 2008, 23:43

Tack för hjälpen. Produktionen av filen nedan:

Loggfil av Trend Micro HijackThis v2.0.2
Scan sparades vid 07:40:46 den 22/09/2008
Plattform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Kör processer:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ ibmpmsvc.exe
C: \ WINDOWS \ System32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ WINDOWS \ system32 \ bgsmsnd.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ LimeWire \ LimeWire.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program \ Delade filer \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. lokala
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Skype add-on (Mastermind) - (22BF413B-C6D2-4d91-82A9-A0F997BA588C) - C: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O2 - BHO: pdfMachine - (56CF4856-ECB4-4e46-A897-A378821F97B9) - C: \ WINDOWS \ system32 \ bgstb.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program \ google \ googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program \ Google \ GoogleToolbarNotifier \ 3.0.1225.9868 \ s wg.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program \ google \ googletoolbar1.dll
O3 - Toolbar: pdfMachine - (56CF4856-ECB4-4e46-A897-A378821F97B9) - C: \ WINDOWS \ system32 \ bgstb.dll
O4 - HKLM \ .. \ Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [bgsmsnd.exe] C: \ WINDOWS \ system32 \ bgsmsnd.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Program \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / bakgrund
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User "SYSTEM")
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra sammanhang menyobjektet: E & xportera till Microsoft Excel - res: / / C: \ progra ~ 1 \ mikro ~ 2 \ Office11 \ EXCEL.EXE/3000
Ø9 - Extra button: (inget namn) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program \ Java \ jre1.6.0_07 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program \ Java \ jre1.6.0_07 \ bin \ ssv.dll
Ø9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ mikro ~ 2 \ Office11 \ REFIEBAR.DLL
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (2DAD3559-2923-4935-AD49-B673D2539944) (IASRunner Class) -- http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: (483EB14D-AF1C-4951-81B0-4E2B41829FF6) (QOLCheck Control) -- https: / / www.select2perform.eu/cabs/QOLCheck.ocx
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ progra ~ 1 \ GEMENSAMMA ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati snabbtangent Poller - Unknown ägaren - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ progra ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown ägaren - C: \ WINDOWS \ system32 \ ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1150 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
--
End of file - 6502 bytes

**evilfantasy** · #4 22 Sep 2008, 07:42

Jag kan inte se någon malware, vilka problem du har?

Du kan köra söker här http://www.computer-juice.com/forums...-posting-7476/ och efter loggarna när klar. Titta på AVG information. Du behöver uppdatera din.

jonofisher · #5 22 Sep 2008, 10:38

Hej Evilfantasy - tack. Problemet är detta: En misstänkt mp3 var hämtat från LimeWire. Jag tycker att det har dubbel klickade på, och verkligen försökte att ladda i itunes. (Men det kommer inte att ha körts med mediaspelare - inte använder det - innebär att frågan som jag läste någonstans att wimad använder Windows MediaPlayer sårbarhet). Jag sedan skannade filen med AVG som plockade upp Wimad E. Men det brukar vara att låta mig ta bort det eller karantän det vidare, om jag bara försöka ta bort filen Windows säger att filen är i bruk och därför inte kan utgå .

Jag kommer att gå igenom de åtgärder som ni föreslår på den andra sidan.

Tack

**evilfantasy** · #6 22 Sep 2008, 10:41

Post loggen från MalwareBytes. Om det inte hittar det vi kommer att använda en skanner för att hitta den.

Liknande Trådar
Tråd	Thread Starter	Forum	Svar	Senaste Inlägg
Virus Fråga - Kan någon berätta för mig om jag kan ha ett virus	billozz	Virus, spionprogram och säkerhet	1	2 april 2009 13:58
Mina vänner MAC har ett virus ... Umm ... ja ... ett virus ...	cheesepuff	Virus, spionprogram och säkerhet	3	29 oktober 2008 12:58
Jag får bara ha ett virus.	xXeneXx	Virus, spionprogram och säkerhet	2	28 oktober 2008 17:26
Please Please Pleeease Hjälp Wimad-E-virus????	LiamRepiso	Virus, spionprogram och säkerhet	16	10:e sep 2008 04:39
Virus	lolli_pop	Virus, spionprogram och säkerhet	13	17 november 2007 09:42